Tag: API

Update 14/04/2020: This feature is available in the Cloud Director UI from version 10.1.

As of vCloud Director 8.10 it is possible for the tenant Organization Administrator to control access to Organization VDCs. This enables the following use case:

In one Organization there are multiple Org VDCs belonging to different business units. Each Org VDC has its own Organization VDC administrator (from the business unit) who can manage Org VDC resources (networks, Edge Gateways) in his Organization VDC but does not see the VDCs of other business units.

The capability is currently available only through the vCloud API. There are also four new related user rights that the system administrator can use to create new roles.

Allow Access to All Organization VDCs

Edit Access Control List of Organization VDCs

View Access Control List of Organization VDCs

Implicitly Import User/Group from IdP while Editing VDC ACL

Note that I have removed most of the Organization rights and all User rights from the custom Org VDC Admin role, which follows the described use case.

In the following example I have two Org VDCs – Production and Test in Organization ACME. The Organization Administrator (acmeadmin) created two Org VDC Admin users – acmeadminprod and acmeadmintest. Now he will grant each of them access to the corresponding Org VDC.

As was mentioned above, this is done with a vCloud API PUT request. First we need to find the Org VDC and user references.

Now we can log in as each Org VDC Administrator and verify that we see only one Org VDC:

User acmeadminprod can see only Org VDC Production:

User acmeadmintest can see only Org VDC Test:

As both Org VDCs were set as private, the Organization Administrator will now have to explicitly enable access for regular users to each Org VDC with the same PUT request. There is a maximum of 200 user/group references per Org VDC.
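As an added example (not code from the original post), the following Python builds the body of such an ACL request for a private Org VDC, enforces the 200-reference limit before anything is sent, and summarises an ACL document for review. The element names follow the vCloud API ControlAccessParams schema, which this excerpt does not show; the `ReadOnly` access level, the host name, the ids and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://www.vmware.com/vcloud/v1.5"
MAX_SUBJECTS = 200  # per-Org-VDC limit stated in the post
MEDIA_TYPES = {     # vCloud API media types for the two subject kinds
    "user": "application/vnd.vmware.admin.user+xml",
    "group": "application/vnd.vmware.admin.group+xml",
}
# Constructed sample references (hypothetical host and ids)
PROD_ADMIN = "https://vcd.example.com/api/admin/user/11111111-aaaa"
OPS_GROUP = "https://vcd.example.com/api/admin/group/22222222-bbbb"

def subject_kind(href):
    """Classify a reference by its .../admin/<kind>/<id> path."""
    parts = href.rstrip("/").split("/")
    kind = parts[-2] if len(parts) >= 2 else ""
    if kind not in MEDIA_TYPES:
        raise ValueError(f"not a user or group reference: {href}")
    return kind

def build_vdc_acl(subject_hrefs):
    """Return a ControlAccessParams body for a private Org VDC."""
    hrefs = list(dict.fromkeys(subject_hrefs))  # de-duplicate, keep order
    if len(hrefs) > MAX_SUBJECTS:
        raise ValueError(f"{len(hrefs)} references exceed the limit of {MAX_SUBJECTS}")
    ET.register_namespace("", NS)
    root = ET.Element(f"{{{NS}}}ControlAccessParams")
    # "false" keeps the VDC private: only the listed subjects see it
    ET.SubElement(root, f"{{{NS}}}IsSharedToEveryone").text = "false"
    if hrefs:
        settings = ET.SubElement(root, f"{{{NS}}}AccessSettings")
    for href in hrefs:
        setting = ET.SubElement(settings, f"{{{NS}}}AccessSetting")
        ET.SubElement(setting, f"{{{NS}}}Subject", href=href,
                      type=MEDIA_TYPES[subject_kind(href)])
        # Assumption: ReadOnly is the access level used for Org VDC ACLs
        ET.SubElement(setting, f"{{{NS}}}AccessLevel").text = "ReadOnly"
    return ET.tostring(root, encoding="unicode")

def audit_vdc_acl(xml_text):
    """Summarise an ACL document: is the VDC private, and who is listed?"""
    root = ET.fromstring(xml_text)
    shared = root.findtext(f"{{{NS}}}IsSharedToEveryone", "false").strip() == "true"
    subjects = [s.get("href") for s in root.iter(f"{{{NS}}}Subject")]
    return {"private": not shared, "subjects": subjects}

if __name__ == "__main__":
    print(build_vdc_acl([PROD_ADMIN, OPS_GROUP]))
```

Running `audit_vdc_acl` over the ACL of every Org VDC gives a quick report of which VDCs are still shared with everyone and which subjects hold explicit access.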


A very useful new feature of vCloud Director 8.10 is the ability to query the guest OS customization status with the vCloud API. A typical use case is when the tenant runs custom orchestration to deploy a VM and then install and configure an application in it. When the VM is powered on for the first time, the operating system boots up and vCloud Director runs customization scripts to set identity (hostname, SID), networking, administrator password, etc. Read Massimo’s blog for a deep dive into guest customization.

The tenant’s custom orchestration then needs to wait for the customization to finish before it can log into the VM and proceed with the application installation and configuration. The problem in the past was that there was no easy way to find out if the guest customization was finished. Not anymore.